| Revision Date: | 2012-11-19 | Version: | 8 |
| Title: | Heap based memory corruption vulnerability in "StripTags()" function within the USF and Text subtitles decoders in VideoLAN VLC Media Player 1.1 before 1.1.6 |
| Description: | The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2011-0522
|
| Platform(s): | Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
| Product(s): | VLC Media Player
|
| Definition Synopsis |
| VLC media player is installed AND Version of VLC Media Player greater than or equal to 1.1.0 and less than 1.1.6
|